US2025358188A1PendingUtilityA1
Systems and methods for network anomaly detection and policy enforcement
Est. expiryApr 26, 2043(~16.8 yrs left)· nominal 20-yr term from priority
H04L 41/14H04L 63/1441G06N 20/00H04L 63/1425H04L 63/0227H04L 41/0894H04L 63/20
68
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
This disclosure describes methods, devices, and systems for network anomaly detection and policy enforcement. An example method includes obtaining metadata for a plurality of network packets. The method also includes detecting an anomaly in the plurality of network packets by analyzing the obtained metadata and the operating information. The method also includes generating, without user input, a policy rule based on the detected anomaly. The method further includes enforcing the policy rule at the one or more network devices.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method of anomaly mitigation, the method comprising:
obtaining metadata for a plurality of network packets; obtaining operating information corresponding to one or more network devices; detecting an anomaly in the plurality of network packets by analyzing the obtained metadata and the operating information; generating, without user input, a policy rule based on the detected anomaly; and enforcing the policy rule at the one or more network devices.
2 . The method of claim 1 , wherein the policy rule is enforced via respective worker nodes implemented at each of the one or more network devices.
3 . The method of claim 1 , wherein the metadata includes packet header information for the plurality of network packets.
4 . The method of claim 1 , wherein the plurality of network packets includes one or more control protocol packets.
5 . The method of claim 1 , further comprising generating a time series profile of network elements and network operations, wherein the network elements comprise the one or more network devices and the anomaly is detected using the time series profile.
6 . The method of claim 1 , wherein the anomaly is detected using pattern matching or using one or more machine learning models.
7 . The method of claim 1 , wherein the metadata is obtained via a network collector device that is configured to mirror packet metadata from the plurality of network packets, wherein the mirrored packet metadata comprises packet header information.
8 . The method of claim 1 , wherein the anomaly is detected via an operations device distinct from the one or more network devices.
9 . The method of claim 1 , wherein the policy rule is generated via a policy device using a policy graph database.
10 . The method of claim 1 , wherein the anomaly corresponds to a fault in the one or more network devices.
11 . The method of claim 1 , wherein the anomaly corresponds to malicious activity.
12 . The method of claim 1 , wherein the anomaly comprises a routing anomaly.
13 . The method of claim 12 , wherein the routing anomaly corresponds to a change in a border gateway protocol (BGP) routing.
14 . The method of claim 1 , wherein the network packets correspond to at least one of: an optical network, a microwave-based network, a cellular network, and an Internet network.
15 . The method of claim 1 , wherein the policy rule comprises an evaluation component and an action component.
16 . The method of claim 1 , wherein generating the policy rule comprises augmenting a pre-existing set of policy rules.
17 . The method of claim 1 , wherein the operating information comprises one or more of: information about an operating state of the one or more network devices, information about a network state detected by the one or more network devices, and information about hardware and/or software of the one or more network devices.
18 . The method of claim 17 , wherein the operating information comprises information about a power supply of the one or more network devices.
19 . A non-transitory computer-readable storage medium storing one or more sets of instructions configured for execution by a computing system having control circuitry and memory, the one or more sets of instructions comprising instructions for:
obtaining metadata for a plurality of network packets; obtaining operating information corresponding to one or more network devices; detecting an anomaly in the plurality of network packets by analyzing the obtained metadata; generating, without user input, a policy rule based on the detected anomaly and the operating information; and enforcing the policy rule at the one or more network devices.
20 . A network interface component, comprising:
one or more processors; and memory storing one or more programs, wherein the one or more programs are configured to be executed by the one or more processors, the one or more programs including instructions for: obtaining metadata for a plurality of network packets; obtaining operating information corresponding to one or more network devices; detecting an anomaly in the plurality of network packets by analyzing the obtained metadata; generating, without user input, a policy rule based on the detected anomaly and the operating information; and enforcing the policy rule at the one or more network devices.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.